package com.demo.expression;

import com.demo.common.LoginUser;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

import java.util.Collection;
import java.util.List;

@Component("demo")
public class DemoExpressionRoot {
    //此处不能配置，因为AntPathMatcher不再spring容器内
    AntPathMatcher antPathMatcher = new AntPathMatcher();//包含了通配符的判断

    public boolean hasAuthority(String authority) {
        //获取当前用户包含的所有权限
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        LoginUser loginUser = (LoginUser) authentication.getPrincipal();
        List<String> permissions = loginUser.getPermissions();//转为permissions,因为此时传来的对象authority是String类型的
        //判断用户权限中是否含有该接口的权限authority
        for (String permission : permissions) {
            if (antPathMatcher.match(permission,authority)){
                return true;
            }
        }
        return false;
    }
}
